Personally identifiable information (PII) that is not needed for downstream use or recovery should be redacted (covered over with masking characters, or removed) to prevent misuse. Meanwhile, other data elements or selected parts of the PII value itself may still need to be exposed.

At the same time, the masking should preserve the original storage format and overall field appearance so that the platform (e.g., DB table) structure or application need not be altered. Masking all but the last four digits of a credit card or social security number with asterisks is a common data redaction requirement.

While DBAs can remove columns in tables, there are few alternatives for masking data in different ways across multiple databases and file sources.

Search for, classify, and redact a specified number of bytes, defined (sub-)strings, entire fields, or one or more rows. Choose the type and start/stop locations of the masking characters. Determine whether to apply the redaction based on column names or field value conditions.

Character masking is just one of the non-reversible protection functions provided in IRI software. Others include randomization, external source pseudonymization, and possibly hashing. Reversible protections include encryption, encoding, a proprietary ASCII de-ID function, same-source pseudonymization, expression logic, and string functions.

SortCL users have the additional option to transform and report on data as they redact it in whole or part.

All IRI software is supported in a free, familiar GUI built on Eclipse called IRI Workbench, which exposes and profiles multiple data sources, helps configure masking jobs, and manages the projects for team-sharing and compliance verification.

Redact CCN

Redact NID

Redact SSN

Delete Column

Unstructured Sources

Hadoop Options

In addition to credit card encryption and tokenization options for PCI DSS applications, IRI also provides a convenient way to mask all or part of a 16-digit credit card number in database tables and flat files.

The IRI Workbench GUI for FieldShield can automatically mask all but the last 4 digits of the field in any database or flat file. You can also define another character and set of digits to mask in the same dialog:

If you manage personally identifiable data in database tables or flat files, you can select which source columns and values will remain or display in your target(s). Populate tables, reports, and hand-off files with data provided on a need-to-know basis.

With either IRI Voracity, IRI FieldShield or the SortCL program in IRI CoSort, you can selectively omit or mask parts of rows or columns from inputs or outputs based on conditional evaluation logic. That is, either filter out or cover over the field values or component parts (sub-strings or particular bytes) based on your business rules.

If the sensitive data reside in unstructured text files, IRI software can help you find, structure, and place that information in protected, structured targets.

Additional FieldShield functions like encryption, de-identification, and obfuscation are also possible on other fields at the same time. CoSort SortCL users can also redact and mask data during data transformation, migration, and reporting operations.

If you have data in unstructured text files, Microsoft Office documents, .pdf, .rtf, or .html files, use IRI Voracity\'s dark data discovery wizard to find (and extract) the values that match patterns you define or values matched to a dictionary lookup. IRI partner technology does the rest.

The IRI Voracity total data management platform can redact PII at the field-level in HDFS files, cloud apps, and other big data (Hive, NoSQL, etc.) sources.